In 2025, Brazilian e-commerce is expected to break another record. But what comes along with this avalanche of orders and clicks is also concerning. We’re talking about the rise in digital fraud.
The Brazilian Association of Electronic Commerce (ABComm) projects revenues of R$224.7 billion for the sector this year, 10% more than in 2024. There will be about 435 million orders and 94 million consumers browsing, shopping, and (sometimes) taking risks in virtual storefronts. All this in a market that has grown uninterrupted for eight years.
Dates like Cyber Monday, Father’s Day, Christmas, and even continuous clearance periods demand, more than ever, prepared and secure platforms. The so-called ‘hot seasons’ of retail make the end of the year not only a strategic warm-up for promotions but also for fraud attempts.
Black Friday is marked: November 28. And if, on one hand, promotions drive the digital economy, on the other, they also swing the doors wide open for scammers. But growth comes at a cost. And it’s not just financial.
The 2024 edition has already given signs of what to expect. According to ConfiNeotrust and ClearSale, by noon on the Saturday following Black Friday, 17,800 fraud attempts were recorded. Estimated value of blocked attempts? R$27.6 million. The average fraud ticket is staggering: R$1,550.66, more than triple the average value of a legitimate purchase.
And the preferred targets? Games, IT, and musical instruments.
Even with a 22% drop in the total value of fraud compared to the previous year, experts are categorical: digital criminals remain active and more sophisticated.
Meanwhile, PIX skyrockets. During the last Black Friday, transactions with the instant system jumped 120.7% in a single day. R$130 billion was moved, according to the Central Bank. A historic feat. But also concerning.
More speed, more access, more instantaneity, more vulnerabilities. And not all platforms are prepared for this. Slowness, instability, and security gaps become the perfect entry point for those on the other side—attentive and opportunistic fraudsters.
These failures directly affect user experience and brand reputation. A PwC study reveals that 55% of consumers would avoid buying from a company after a negative experience, and 8% would abandon a purchase after a single unfavorable incident.
“Digital security is not a final step. It’s a continuous process that begins before the first line of code,” summarizes Wagner Elias, CEO of Conviso, an expert in application security (AppSec).
To protect e-commerce software, the application security sector (AppSec)—which is expected to reach $25 billion by 2029, according to Mordor Intelligence—works to find vulnerabilities before they become real problems.
The goal of AppSec is to map security gaps before they are exploited by attackers. Elias compares it to building a house: “It’s like constructing a house already thinking about access points: you don’t wait for someone to try breaking in before installing locks or cameras. The idea is to anticipate risks and strengthen defenses from the start,” explains Elias.
And the CEO warns that the ideal would be for companies to constantly review their platforms to identify and fix potential security gaps, creating a continuous culture of protection. “The key is to offer real assurance for both the product and the consumer, strengthening trust in the platform and the entire purchasing process. And this is only possible with preparation that begins months before the date.”
One of the solutions that can support e-commerce in this process is Site Blindado, now part of Conviso, an application security company and reference in AppSec. The trust seal operates at different levels, serving virtual stores that need basic protection to those requiring greater proof of authenticity, or even stricter certifications like PCI-DSS, required for those handling credit card data.
Those who take security seriously reap results. Visa, for example, blocked 270% more fraud in 2024 compared to the same period the previous year. This was only possible thanks to a robust investment: over $11 billion in technology and security in the last five years.
The key? Artificial intelligence, machine learning, and real-time behavior analysis. All in milliseconds. Without disrupting the genuine consumer who just wants to secure the discount at checkout.
Prevention starts at the foundation. But how to protect yourself? The recommendations are clear and involve both companies and consumers,” reinforces Conviso’s CEO.
Tips for companies:
- Include security in the system development phase;
- Conduct penetration tests (pentests) frequently;
- Integrate protection tools into your DevOps without losing agility;
- Train technology teams focusing on security best practices;
- Create a culture where security is routine, not an exception.
And for consumers going digital shopping:
- Avoid deals that seem too good to be true;
- Check if the site is trustworthy (https, security seals, CNPJ, etc.);
- Prefer well-known platforms and apps;
- Avoid links received via email or social media—especially from strangers;
- Enable two-factor authentication whenever possible.
“While consumers need to learn to recognize risk signals, companies have the duty to provide fortified environments. It’s the combination of both that sustains trust in platforms and keeps the market healthy,” concludes Elias.
